WP-Safety

Rownd — Instant user accounts and authentication Security & Risk Analysis

wordpress.org/plugins/rownd-accounts-and-authentication

Instantly turn visitors into users with Rownd's radically simple, user-centric authentication.

10 active installs v1.3.3 PHP 7.2+ WP 4.5+ Updated Apr 11, 2023
accountsauthenticationprofileuserswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Rownd — Instant user accounts and authentication Safe to Use in 2026?

Generally Safe

Score 85/100

Rownd — Instant user accounts and authentication has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "rownd-accounts-and-authentication" plugin v1.3.3 exhibits a generally good security posture, with strengths in its minimal attack surface and robust handling of SQL queries and output escaping. The absence of dangerous functions, file operations, and external HTTP requests are positive indicators. Furthermore, the lack of any recorded vulnerabilities or CVEs is a strong sign of mature and secure development practices. However, a significant concern arises from its REST API routes, where one out of two routes lacks proper permission callbacks, exposing a potential entry point without authentication. While taint analysis shows no critical flows, this unprotected REST API route represents a tangible risk that could be exploited if sensitive data or functionality is exposed through it. The plugin's strengths in code hygiene are commendable, but this single unprotected endpoint significantly lowers its overall security score.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Rownd — Instant user accounts and authentication Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Rownd — Instant user accounts and authentication Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
29 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Guzzle

Output Escaping

85% escaped34 total outputs
Attack Surface
1 unprotected

Rownd — Instant user accounts and authentication Attack Surface

Entry Points2
Unprotected1

REST API Routes 2

POST/wp-json/rownd/v1/authsrc\Plugin.php:33
POST/wp-json/rownd/v1/auth/signoutsrc\Plugin.php:39
WordPress Hooks 16
actioninitsrc\Plugin.php:13
actionrest_api_initsrc\Plugin.php:14
actionadmin_menusrc\Plugin.php:15
actionadmin_enqueue_scriptssrc\Plugin.php:16
actionwp_enqueue_scriptssrc\Plugin.php:17
actionadmin_post_rownd_save_settingssrc\Plugin.php:18
actionprofile_updatesrc\Plugin.php:19
filterplugin_action_links_rownd-accounts-and-authentication/index.phpsrc\Plugin.php:21
filterplugin_row_metasrc\Plugin.php:22
filterdetermine_current_usersrc\Plugin.php:23
filterrest_user_querysrc\Plugin.php:24
actionwoocommerce_before_checkout_formsrc\Plugin.php:85
actionwoocommerce_after_order_detailssrc\Plugin.php:87
actionuser_registersrc\Plugin.php:91
filterwc_get_templatesrc\Plugin.php:94
filterwoocommerce_rest_customer_querysrc\Plugin.php:97
Maintenance & Trust

Rownd — Instant user accounts and authentication Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedApr 11, 2023
PHP min version7.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Rownd — Instant user accounts and authentication Alternatives

Password Strength Settings for WooCommerce

Password Strength Settings for WooCommerce

wc-password-strength-settings

A
85

Help secure your WooCommerce site by enforcing stronger passwords and taking additional control of your strength requirements.

10K No CVEs
WP Mechanic

WP Mechanic

wp-mechanic

A
92

WP Mechanic is a combination of WordPress and Android Playstore Applications. Experience a set of hybrid software applications.

10 No CVEs
User Switching

User Switching

user-switching

A
100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs
One User Avatar | User Profile Picture

One User Avatar | User Profile Picture

one-user-avatar

A
99

Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.

100K 2 CVEs
Simple Local Avatars

Simple Local Avatars

simple-local-avatars

A
93

Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!

100K 6 CVEs
Developer Profile

Rownd — Instant user accounts and authentication Developer Profile

rownd

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rownd — Instant user accounts and authentication

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rownd-accounts-and-authentication/js/rownd-plugin-admin.js/wp-content/plugins/rownd-accounts-and-authentication/css/rownd-plugin-admin.css/wp-content/plugins/rownd-accounts-and-authentication/js/rownd-plugin-frontend.js
Script Paths
/wp-content/plugins/rownd-accounts-and-authentication/js/rownd-plugin-admin.js/wp-content/plugins/rownd-accounts-and-authentication/js/rownd-plugin-frontend.js
Version Parameters
rownd-accounts-and-authentication/js/rownd-plugin-admin.js?ver=rownd-accounts-and-authentication/css/rownd-plugin-admin.css?ver=rownd-accounts-and-authentication/js/rownd-plugin-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
rownd-admin-settings-wraprownd-checkout-wrapper
HTML Comments
<!-- Rownd: Sign in prompt --><!-- Rownd: Checkout integration --><!-- Rownd admin settings -->
Data Attributes
data-rownd-modal-targetdata-rownd-auth-targetdata-rownd-widget
JS Globals
window.Rowndvar rownd_vars
REST Endpoints
/wp-json/rownd/v1/auth/wp-json/rownd/v1/auth/signout
FAQ

Frequently Asked Questions about Rownd — Instant user accounts and authentication